Hi, sorry to bother you again. Today I am looking at the SMB analyzer, and I have a few questions.

- Why did you choose to analyse the SNIA CIFS version and not the others (http://www.cifs.org/wiki/SMB/CIFS_References)? Some of them have new dialects and don't match anymore :s . (I know, the SMB documentation is a real mess...)

- Some events are not written correctly into event.bif. For instance, the smb_com_negotiate event is built with 3 arguments (lines 336-340 of the analyzer):

    vl->append(analyzer->BuildConnVal());
    vl->append(BuildHeaderVal(hdr));
    vl->append(t); // which are the possible dialects

    analyzer->ConnectionEvent(smb_com_negotiate, vl);

  But in event.bif the event is declared as follows, without the last argument (line 3851):

    event smb_com_negotiate%(c: connection, hdr: smb_hdr%);

- If I wanted to add some parts of another dialect, how should I implement it? Add a dialect field in the SMB_Session, and duplicate the binpac if the protocols are different?

Nicolas

_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
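The arity mismatch described in the mail (three values appended to the val_list, two parameters declared in event.bif) is the kind of thing a small consistency check can catch across a whole analyzer. The script below is an added example, not part of the original thread or of Bro's own tooling; the C++ and .bif snippets it scans are constructed inputs modelled on the lines quoted above (the enclosing function and the second, matching event are invented for illustration), and it assumes the simple `new val_list` / `vl->append(...)` / `ConnectionEvent(name, vl)` pattern shown in the mail.

```python
import re

# Constructed sample input modelled on the quoted analyzer lines (not the real Bro source).
SMB_CC = """
void ExampleSession::ParseNegotiate(const smb_hdr* hdr, Val* t)   // hypothetical wrapper
{
    val_list* vl = new val_list;
    vl->append(analyzer->BuildConnVal());
    vl->append(BuildHeaderVal(hdr));
    vl->append(t);   // which are the possible dialects
    analyzer->ConnectionEvent(smb_com_negotiate, vl);
}
void ExampleSession::ParseOther(const smb_hdr* hdr)               // hypothetical wrapper
{
    val_list* vl = new val_list;
    vl->append(analyzer->BuildConnVal());
    vl->append(BuildHeaderVal(hdr));
    analyzer->ConnectionEvent(smb_com_example, vl);                // constructed event name
}
"""

# Constructed .bif input; the first line is the declaration quoted in the mail.
EVENT_BIF = """
event smb_com_negotiate%(c: connection, hdr: smb_hdr%);
event smb_com_example%(c: connection, hdr: smb_hdr%);
"""

BIF_RE = re.compile(r"event\s+(\w+)%\((.*?)%\)", re.S)
APPEND_RE = re.compile(r"vl->append\(")
EVENT_RE = re.compile(r"ConnectionEvent\((\w+),\s*vl\)")

def bif_arity(bif_text):
    """Map event name -> number of parameters declared in the .bif text."""
    out = {}
    for name, params in BIF_RE.findall(bif_text):
        out[name] = len([p for p in params.split(",") if p.strip()])
    return out

def cc_arity(cc_text):
    """Map event name -> number of vl->append() calls since the last 'new val_list'."""
    out, count = {}, 0
    for line in cc_text.splitlines():
        if "new val_list" in line:
            count = 0                      # a fresh val_list starts a new event site
        count += len(APPEND_RE.findall(line))
        m = EVENT_RE.search(line)
        if m:
            out[m.group(1)] = count        # values handed to this event
            count = 0
    return out

def find_mismatches(cc_text, bif_text):
    """Return {event: (values_appended, params_declared)} for every disagreement."""
    declared, built = bif_arity(bif_text), cc_arity(cc_text)
    return {ev: (n, declared[ev]) for ev, n in built.items()
            if ev in declared and declared[ev] != n}
```

Running `find_mismatches(SMB_CC, EVENT_BIF)` on the constructed input reports only smb_com_negotiate, with 3 values appended against 2 declared parameters.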
